Our Blog

Goodbye to 2013, hello to 2014

Reading time: ~5 min
Posted by daniel on 23 December 2013
Categories: About:us
With 2013 coming to a close, I thought it pertinent to look back at the year we’ve had and also...

Botconf 2013

Reading time: ~2 min
Posted by etienne on 17 December 2013
Categories: Conferences, Presentations
Botconf’13, the “First botnet fighting conference” took place in Nantes, France from 5-6 December 2013. Botconf aimed to bring together...

Mobile Hacking on the West Coast

Reading time: ~2 min
Posted by etienne on 22 November 2013
Categories: Blackhat
December sees SensePost presenting Hacking by Numbers: Mobile at  BlackHat West Coast Trainings. This course was first presented at BlackHat...

RAT-a-tat-tat

Reading time: Less than a minute
Posted by jeremy on 22 November 2013
Categories: Conferences, Defense, Malware analysis, Nmap, Presentations, Programming
Hey all, So following on from my talk (slides, video) I am releasing the NMAP service probes and the Poison...

Never mind the spies: the security gaps inside your phone

Reading time: ~2 min
Posted by daniel on 15 November 2013
Categories: 44con, Show-off, Snoopy, Tools, Wifi
For the last year, Glenn and I have been obsessed with our phones; especially with regard to the data being...

A new owner for a new chapter

Reading time: ~1 min
Posted by Charl van der Walt on 01 November 2013
Categories: About:us
We’re pleased to announce our acquisition today by SecureData Europe. SecureData (www.secdata.com) is a complete independent security services provider based...

Offence oriented defence

Reading time: ~3 min
Posted by Dominic White on 06 September 2013
Categories: Conferences, Defense, Presentations, Product, Programming
We recently gave a talk at the ITWeb Security Summit entitled “Offense Oriented Defence”. The talk was targeted at defenders...

44CON 2013

Reading time: ~3 min
Posted by daniel on 04 September 2013
Categories: 44con, Conferences
In one week, it’s 44CON time again! One of our favourite UK hacker cons. In keeping with our desire to...

BlackHat Conference: Z-Wave Security

Reading time: ~1 min
Posted by behrang on 19 August 2013
Categories: Blackhat, Conferences, Crypto, Presentations, Research, Z-force, Z-wave
We are publishing the research paper and tool for our BlackHat 2013 USA talk on the Z-Wave proprietary wireless protocol...

Hacking by Numbers – The mobile edition

Reading time: ~3 min
Posted by etienne on 19 August 2013
Categories: Mobile, Pentest, Training
West Coast in the house, well actually more like an African visiting Seattle for Blackhat’s West Coast Trainings. We’ve had...

Rogue Access Points, a how-to

Reading time: ~12 min
Posted by Dominic White on 12 July 2013
Categories: Blackhat, Howto, Wifi
In preparation for our wireless training course at BlackHat Vegas in a few weeks, I spent some time updating the...

Technical Project Manager Role

Reading time: ~1 min
Posted by daniel on 06 June 2013
Categories: Jobs
As SensePost grows, so does our desire to ensure a healthy balance between technical savvy and organisational skills. As a...

A software level analysis of TrustZone OS and Trustlets in Samsung Galaxy Phone

Reading time: ~15 min
Posted by behrang on 04 June 2013
Categories: Mobile, Programming, Python
Introduction: New types of mobile applications based on Trusted Execution Environments (TEE) and most notably ARM TrustZone micro-kernels are emerging which...

BlackHat Challenge – 2013

Reading time: ~2 min
Posted by Ian de Villiers on 03 June 2013
Categories: Blackhat
One of the things we try and get across in our training – is that pen-testing requires out of the...

Honey, I’m home!! – Hacking Z-Wave & other Black Hat news

Reading time: ~7 min
Posted by Charl van der Walt on 01 June 2013
Categories: Blackhat, Conferences, Infosec-soapies, Presentations, Training
You’ve probably never thought of this, but the home automation market in the US was worth approximately $3.2 billion in...

Something about sudo, Kingcope and re-inventing the wheel

Reading time: ~5 min
Posted by george on 27 May 2013
Categories: Backdoor, Fun, Howto, Infrastructure, Internals, Linux, Local, Post-exploitation, Shells, Silly-yammerings, Tricks
Willems and I are currently on an internal assessment and have popped a couple hundred (thousand?) RHEL machines, which was...

Black Hat Vegas 2013 – Course Summaries

Reading time: ~3 min
Posted by Charl van der Walt on 26 May 2013
Categories: Blackhat, Training
We have an updated breakdown of our BlackHat courses here With the ‘early registration’ discount period coming to an end...

BlackOps Hacking Training – Las Vegas

Reading time: ~4 min
Posted by glenn on 23 May 2013
Categories: Blackhat, Training
BlackOps you say? At SensePost we have quite a range of courses in our Hacking by Numbers series. We feel...

Stay low, move fast, shoot first, die last, one shot, one kill, no luck, pure skill …

Reading time: ~2 min
Posted by george on 23 May 2013
Categories: Blackhat, Programming
We’re excited to be presenting our Hacking By Numbers Combat course again at Black Hat USA this year. SensePost’s resident...

Your first mobile assessment

Reading time: ~3 min
Posted by etienne on 20 May 2013
Categories: Mobile, Pentest, Training
Monday morning, raring for a week of pwnage and you see you’ve just been handed a new assessment, awesome. The...

Wifi Hacking & WPA/2 PSK traffic decryption

Reading time: ~3 min
Posted by Dominic White on 09 May 2013
Categories: Blackhat, Howto, Training, Wifi
When doing wireless assessments, I end up generating a ton of different scripts for various things that I thought it...

Windows Domain Privilege Escalation : Implementing PSLoggedOn in Metasploit (+ a bonus history module)

Reading time: ~3 min
Posted by etienne on 22 April 2013
Categories: Howto, Metasploit, Pentest, Programming
There are multiple paths one could take to getting Domain Admin on a Microsoft Windows Active Directory Domain. One common...

Analysis of Security in a P2P storage cloud

Reading time: ~8 min
Posted by behrang on 12 April 2013
Categories: Analysis, Research
A cloud storage service such as Microsoft SkyDrive requires building  data centers as well as operational and maintenance costs. An alternative approach...

Google Docs XSS – no bounty today

Reading time: ~3 min
Posted by inaki on 04 March 2013
Categories: Programming, Python, Google, Vulnerability
A few days ago, during one of those nights with the baby crying at 2:00 am and the only thing...

Black Hat Europe – Bootcamp Training

Reading time: ~1 min
Posted by glenn on 04 March 2013
Categories: Blackhat
SensePost will be at Black Hat Europe 2013 to deliver the Bootcamp module of the Hacking by Numbers series. This...

Vulnerability Management Analyst Position

Reading time: ~2 min
Posted by daniel on 04 March 2013
Categories: Jobs
Have a keen interest on scanning over 12000 IP’s a week for vulnerabilities? Excited about the thought of assessing over...

IT Network Packet Wrangler

Reading time: ~2 min
Posted by daniel on 02 March 2013
Categories: Jobs
As we grow and operate on a number of continents, so does our dependence on a rock-solid IT infrastructure. We...

Adolescence: 13 years of SensePost

Reading time: ~2 min
Posted by daniel on 14 February 2013
Categories: About:us
Today was our 13th birthday. In Internet years, that’s a long time. Depending on your outlook, we’re either almost a pensioner...

Poking Around in Android Memory

Reading time: ~5 min
Posted by etienne on 11 February 2013
Categories: Memory analysis, Mobile, Programming
Taking inspiration from Vlad’s post I’ve been playing around with alternate means of viewing traffic/data generated by Android apps. The...

Client Side Fingerprinting in Prep for SE

Reading time: ~3 min
Posted by Dominic White on 16 January 2013
Categories: Footprinting, Howto, Skype, Tricks
On a recent engagement, we were tasked with trying to gain access to the network via a phishing attack (specifically...